[Ksplice][Ubuntu-20.04-Updates] New Ksplice updates for Ubuntu 20.04 Focal (USN-6681-1)

Oracle Ksplice gregory.herrero at oracle.com
Thu Mar 14 09:28:54 UTC 2024


Synopsis: USN-6681-1 can now be patched using Ksplice
CVEs: CVE-2021-44879 CVE-2023-22995 CVE-2023-25775 CVE-2023-28464 CVE-2023-4244 CVE-2023-45898 CVE-2023-51779 CVE-2023-51780 CVE-2023-51782 CVE-2023-6121 CVE-2023-6531 CVE-2024-0340

Systems running Ubuntu 20.04 Focal can now use Ksplice to patch
against the latest Ubuntu Security Notice, USN-6681-1.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Ubuntu 20.04
Focal install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* CVE-2023-51779: Denial-of-service when receiving data over Bluetooth.

A locking issue when receiving data over Bluetooth could lead to a
use-after-free. A local attacker could use this flaw to cause a
denial-of-service.


* CVE-2023-28464: Use-after-free in Bluetooth subsystem.

A double free was found in the Bluetooth subsystem when cleaning up a
connection, leading to a use-after-free error. A local attacker can
exploit this to cause denial-of-service or privilege escalation.


* CVE-2023-25775: Information disclosure in the Intel(R) Ethernet Controller RDMA driver.

A flaw in irdma allows zero-length STAGs to be programmed in hardware.
An attacker could use this flaw to access sensitive kernel information.


* CVE-2023-6531: Use-after-free in io_uring subsystem.

Garbage collection of io_uring files races with the operations of
Unix-domain sockets which use the files, leading to a use-after-free
error. A local attacker can exploit this to cause a denial-of-service
or privilege escalation.


* CVE-2023-51780: Use-after-free in the ATM networking stack.

Asynchronous Transfer Mode (ATM) ioctl calls can race with datagram
reception causing a use-after-free error. A local attacker can
exploit this to cause a denial-of-service or privilege escalation.


* CVE-2024-0340: Information leak when using Vhost.

A missing zeroing of kernel memory when using Vhost could lead to an
information leak. A local attacker could use this flaw to leak
information about the running kernel and facilitate an attack.


* CVE-2021-44879: Denial-of-service when using f2fs filesystem.

A NULL pointer dereference error can occur in the system filesystem due
to an incorrect check during garbage collection. A local attacker can
exploit this to cause denial-of-service.


* Note: Oracle will not provide a zero-downtime update for CVE-2023-22995.

Oracle has determined that the vulnerability does not affect a running
system.


* Note: Oracle will not provide a zero-downtime update for CVE-2023-4244.

A race condition in the set implementation of nftables between
the control plane and the garbage collection worker could lead to a
use-after-free. A local user with CAP_NET_ADMIN access could use this
flaw to cause a crash or expose sensitive kernel information.

Oracle has determined that patching CVE-2023-4244 on a running system
would not be safe and recommends a reboot.

On workloads that permit it, a temporary mitigation is to disallow
unprivileged users from creating namespaces:

sudo sysctl -w kernel.unprivileged_userns_clone=0


* CVE-2023-51782: Denial-of-service in Amateur Radio X.25 PLP subsystem.

A locking error in Amateur Radio X.25 PLP (Rose) ioctl can lead to a
use-after-free. A local attacker can exploit this to cause a
denial-of-service or privilege escalation.


* CVE-2023-6121: Out-of-bounds read in NVMe-oF/TCP subsystem.

NVMe Qualified Names (NQNs) used to identify the endpoints when setting
up connections are not NULL terminated, leading to an out-of-bounds read.
An attacker can exploit this remotely by sending a malicious payload to
extract sensitive information from the kernel memory.


* Note: Oracle has determined that CVE-2023-45898 is not applicable.

A use-after-free error was introduced in the ext4 filesystem after
an improvement was added which utilized pre-existing allocations.
A local attacker can exploit this to cause a denial-of-service or
privilege escalation.

The kernel is not affected by CVE-2023-45898 since the code introducing
the issue is not present.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.
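
The two operator-facing settings mentioned above, "autoinstall" in
/etc/uptrack/uptrack.conf and the kernel.unprivileged_userns_clone sysctl,
can be checked with a short script. This is an added example, not part of
the Oracle announcement; the function names are hypothetical, and it assumes
the key is written in lowercase with the last uncommented assignment taking
effect.

```shell
#!/bin/sh
# Added example (not Oracle's code); function names are hypothetical.
# Paths are parameters so the checks can be run against constructed files.

# Print the autoinstall value from an Uptrack config ("yes", "no", ...),
# or "unset" if the key is absent. Assumes a lowercase key; the last
# uncommented assignment wins.
uptrack_autoinstall() {
    conf=${1:-/etc/uptrack/uptrack.conf}
    [ -r "$conf" ] || { echo unset; return 0; }
    val=$(sed -n 's/^[[:space:]]*autoinstall[[:space:]]*=[[:space:]]*\([^[:space:]#]*\).*$/\1/p' \
          "$conf" | tail -n 1 | tr '[:upper:]' '[:lower:]')
    echo "${val:-unset}"
}

# Print "disabled" when unprivileged user namespaces are off (the temporary
# CVE-2023-4244 mitigation), "enabled" when on, "unknown" if not exposed.
userns_clone_state() {
    knob=${1:-/proc/sys/kernel/unprivileged_userns_clone}
    [ -r "$knob" ] || { echo unknown; return 0; }
    case $(cat "$knob") in
        0) echo disabled ;;
        1) echo enabled ;;
        *) echo unknown ;;
    esac
}

# Report both settings; return 0 only if updates auto-install and the
# mitigation is active, 1 if the operator still has something to do.
advisory_audit() {
    rc=0
    auto=$(uptrack_autoinstall "${1:-/etc/uptrack/uptrack.conf}")
    userns=$(userns_clone_state "${2:-/proc/sys/kernel/unprivileged_userns_clone}")
    if [ "$auto" = yes ]; then
        echo "autoinstall=yes: updates are installed automatically"
    else
        echo "autoinstall=$auto: run /usr/sbin/uptrack-upgrade -y"; rc=1
    fi
    if [ "$userns" = disabled ]; then
        echo "userns_clone=0: CVE-2023-4244 mitigation active, reboot still recommended"
    else
        echo "userns_clone $userns: CVE-2023-4244 unmitigated, reboot recommended"; rc=1
    fi
    return $rc
}

# Audit the live system only when asked: sh audit.sh --live
if [ "${1:-}" = --live ]; then advisory_audit; exit; fi
```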




